CVE-2025-13768
Published: 28 November 2025
Summary
CVE-2025-13768 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Uniong WebITR. Its CVSS v3.1 base score is 7.5 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 36.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations on every access decision, so the server decides who the caller is from its own session state rather than from a user-controlled parameter such as a user ID. This directly closes the bypass.
- SI-10 (Information Input Validation): requires inputs to be validated, so a tampered user-ID parameter is rejected instead of being used to select the principal to impersonate.
- AC-6 (Least Privilege): limits the damage of a successful impersonation by restricting what any account can do, so even an attacker who becomes another user gains only that user's (ideally minimal) rights.
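To make the three controls concrete, here is the generic CWE-639 pattern behind this class of bug next to a hardened version of the same handler. This is an added illustration, not WebITR's source code: the parameter name `user_id`, the user directory and the role model are all assumptions. The vulnerable handler decides which principal the caller is from a request parameter; the hardened one takes identity from the server-side session (AC-3), validates any supplied key before using it (SI-10), and honours an "act as" request only for a role entitled to it (AC-6).

```python
"""Generic CWE-639 pattern: a handler that picks the acting principal from a
client-supplied key, beside a hardened version enforcing AC-3, AC-6 and SI-10.
Illustrative code only, not WebITR's source; parameter name and role model
are assumptions."""
from dataclasses import dataclass, field

# Constructed user directory standing in for the application's user store.
USERS = {
    "1": {"name": "admin", "role": "admin"},
    "1001": {"name": "alice", "role": "employee"},
    "1002": {"name": "bob", "role": "employee"},
}


@dataclass
class Session:
    """Identity established at login and kept server-side only."""
    user_id: str


@dataclass
class Request:
    session: Session
    params: dict = field(default_factory=dict)  # fully attacker-controlled


class AuthzError(Exception):
    pass


def whoami_vulnerable(req: Request) -> dict:
    """Vulnerable: the principal to act as is read from a request parameter,
    so any logged-in caller who knows another user's ID becomes that user."""
    uid = req.params.get("user_id", req.session.user_id)
    return {"acting_as": uid, **USERS[uid]}


def whoami_hardened(req: Request) -> dict:
    """Hardened: identity comes from the session (AC-3). A user_id parameter is
    still accepted for a legitimate 'act as' feature, but it is validated before
    use (SI-10) and honoured only for the admin role (AC-6)."""
    actor = req.session.user_id
    requested = req.params.get("user_id")
    if requested is None or requested == actor:
        return {"acting_as": actor, **USERS[actor]}
    # SI-10: reject malformed or unknown keys before touching any record
    if not isinstance(requested, str) or not requested.isdigit() or requested not in USERS:
        raise AuthzError("invalid user_id")
    # AC-3 / AC-6: only an admin may act on another principal
    if USERS[actor]["role"] != "admin":
        raise AuthzError(f"user {actor} may not act as {requested}")
    return {"acting_as": requested, **USERS[requested]}


def outcome(handler, req: Request) -> str:
    """Name of the effective principal, or 'denied' if authorization failed."""
    try:
        return handler(req)["name"]
    except AuthzError:
        return "denied"


if __name__ == "__main__":
    # Bob (1002) only needs to know the admin's ID to become admin in the vulnerable handler.
    bob_as_admin = Request(Session("1002"), {"user_id": "1"})
    print("vulnerable:", outcome(whoami_vulnerable, bob_as_admin))
    print("hardened:  ", outcome(whoami_hardened, bob_as_admin))
    print("admin act-as:", outcome(whoami_hardened, Request(Session("1"), {"user_id": "1002"})))
```

The important design choice is that the hardened handler never lets the parameter override the session: the parameter is only ever an additional request that must pass an authorization check against the already-established identity.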
MITRE ATT&CK Enterprise Techniques
- T1068 (Exploitation for Privilege Escalation)
Why these techniques?
The vulnerability lets a low-privileged, authenticated attacker who has obtained a target's user ID log in as that user, including higher-privileged accounts, which is exploitation of a software flaw for privilege escalation (T1068).
NVD Description
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.
Deeper analysis
CVE-2025-13768 is an authentication bypass in WebITR, a software product developed by Uniong. The flaw is classified as CWE-639 (Authorization Bypass Through User-Controlled Key): the application selects the principal to log in as from a parameter the client controls, so an authenticated remote attacker who modifies that parameter can log in as any user. Attackers must first obtain a valid user ID for the target account. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.
The attack requires low-privilege authenticated access over the network; the vector rates attack complexity as high because a target user ID must be acquired first. Defenders should treat that requirement as a precondition rather than a mitigation, since the score still reflects full compromise of the impersonated account. Once exploited, attackers can impersonate any user, escalate privileges and perform unauthorized actions within the WebITR system, such as accessing sensitive data or modifying configurations.
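Because exploitation leaves a distinctive trace (an authenticated session presenting a user key that names someone else), a retrospective log check is the natural detection. The following is an added example, not anything from WebITR or the TWCERT advisories: the log format is constructed for the illustration, and the field names `sid`, `auth_user` and the `user_id` query parameter are assumptions. It flags every request whose key names a principal other than the authenticated one (excluding accounts entitled to act as others) and then lists sessions that cycled through several foreign IDs, which is the "obtain an ID, then substitute it" pattern repeated.

```python
"""Retrospective check for CWE-639-style key substitution in access logs.
Added illustration; the log format is constructed and the field names
(sid, auth_user, user_id) are assumptions, not WebITR's real log schema."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample: one session (s1) walks through other users' IDs,
# s2 is benign, s3 is an admin acting on another user, s4 was refused.
SAMPLE_LOG = """\
2025-11-28T10:15:01Z sid=s1 auth_user=1002 GET /profile?user_id=1002 200
2025-11-28T10:15:07Z sid=s1 auth_user=1002 GET /profile?user_id=1001 200
2025-11-28T10:15:09Z sid=s1 auth_user=1002 GET /profile?user_id=1 200
2025-11-28T10:16:30Z sid=s2 auth_user=1001 GET /profile?user_id=1001 200
2025-11-28T10:17:02Z sid=s3 auth_user=1 GET /profile?user_id=1002 200
2025-11-28T10:18:45Z sid=s4 auth_user=1003 GET /profile?user_id=1 403
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sid=(?P<sid>\S+) auth_user=(?P<auth>\S+) "
    r"(?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def parse_line(line: str):
    """Return a dict of fields for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    qs = parse_qs(urlsplit(rec["url"]).query)
    rec["user_id"] = qs.get("user_id", [None])[0]  # assumed parameter name
    rec["status"] = int(rec["status"])
    return rec


def find_key_mismatches(log_text: str, admins=frozenset({"1"})):
    """Requests whose user key names a principal other than the authenticated
    one, for callers not entitled to act on others' behalf."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["user_id"] is None:
            continue
        if rec["user_id"] != rec["auth"] and rec["auth"] not in admins:
            hits.append({
                "sid": rec["sid"],
                "auth": rec["auth"],
                "target": rec["user_id"],
                "succeeded": rec["status"] == 200,  # a 200 means the bypass worked
            })
    return hits


def enumerating_sessions(log_text: str, min_targets: int = 2):
    """Sessions that touched at least min_targets distinct foreign user IDs."""
    targets = defaultdict(set)
    for hit in find_key_mismatches(log_text):
        targets[hit["sid"]].add(hit["target"])
    return sorted(sid for sid, t in targets.items() if len(t) >= min_targets)


if __name__ == "__main__":
    for hit in find_key_mismatches(SAMPLE_LOG):
        print(hit)
    print("enumerating sessions:", enumerating_sessions(SAMPLE_LOG))
```

The `succeeded` flag separates attempts from actual bypasses: after the fix is applied, mismatches should still appear (probes continue) but only with non-200 statuses, which is also a quick way to confirm the patch took effect.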
TWCERT advisories detail the vulnerability and provide guidance on mitigation; refer to https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html and https://www.twcert.org.tw/tw/cp-132-10538-6a26d-1.html for patches or workarounds. The CVE was published on 2025-11-28.
Details
- CWE(s): CWE-639 (Authorization Bypass Through User-Controlled Key)